Critical changes in this release
This topic highlights changes in IBM Security Verify Access version 10.0.8 that might impact compatibility with an earlier version.
Platform
- Policy Directory Jar requires extra command-line arguments for Java 17.
To use the PD.jar utility in Java 17, administrators need to explicitly permit access to internal Java classes. Administrators must add the argument --add-exports java.base/sun.security.util=ALL-UNNAMED when PD.jar is run to ensure that the utility continues to function as expected.
Advanced Access Control (AAC)
- TOTP and HOTP QR code page
The page and API that were used to add TOTP or HOTP enrollments by QR code or text are now deactivated on fresh installations. A new advanced configuration property, otp.usc.legacyBehavior, can be used to re-enable the page; see Advanced configuration properties. The recommendation is to use the new OTP Enrollment mechanism instead; see Configuring an OTP enrollment mechanism.
- Update to validation of FIDO Metadata documents
The document verification for FIDO2 metadata documents now requires either an AAGUID or a list of attestation certificate key identifiers, a description, and a list of permitted attestation types. For more information, see Metadata.
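
A pre-upgrade check for the FIDO2 metadata rule above, as an added example that is not IBM's code: it flags metadata documents that lack the fields the new verification requires. It assumes the rule reads as (AAGUID or key identifier list) plus description plus attestation types, and that the fields use the FIDO Metadata Statement names aaguid, attestationCertificateKeyIdentifiers, description and attestationTypes; the sample documents are constructed.

```python
import json


def check_metadata(doc):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    aaguid = doc.get("aaguid")
    key_ids = doc.get("attestationCertificateKeyIdentifiers")
    has_aaguid = isinstance(aaguid, str) and aaguid.strip() != ""
    has_key_ids = isinstance(key_ids, list) and len(key_ids) > 0
    if not (has_aaguid or has_key_ids):
        problems.append("missing aaguid or attestationCertificateKeyIdentifiers")
    description = doc.get("description")
    if not (isinstance(description, str) and description.strip()):
        problems.append("missing description")
    types = doc.get("attestationTypes")
    if not (isinstance(types, list) and types):
        problems.append("missing attestationTypes")
    return problems


def check_all(raw_documents):
    """Map document name -> problems for every document that would fail."""
    failures = {}
    for name, text in raw_documents.items():
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            failures[name] = ["not valid JSON: " + exc.msg]
            continue
        if not isinstance(doc, dict):
            failures[name] = ["top level is not a JSON object"]
            continue
        problems = check_metadata(doc)
        if problems:
            failures[name] = problems
    return failures


# Constructed sample documents (not real authenticator metadata).
SAMPLES = {
    "complete.json": '{"aaguid": "00000000-0000-0000-0000-000000000001", '
                     '"description": "Constructed key", "attestationTypes": ["basic_full"]}',
    "u2f.json": '{"attestationCertificateKeyIdentifiers": ["0123abcd"], '
                '"description": "Constructed U2F key", "attestationTypes": ["basic_full"]}',
    "legacy.json": '{"aaguid": "00000000-0000-0000-0000-000000000002"}',
    "broken.json": '{"aaguid": ',
}

if __name__ == "__main__":
    for name, problems in check_all(SAMPLES).items():
        print(name, "->", "; ".join(problems))
```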